Contributions to the verification and control of timed and probabilistic models
Nathalie Bertrand, Inria Rennes
Habilitation defense, November 16th 2015

Formal verification of software systems
Software systems are everywhere. Bugs are everywhere. Formal verification should be everywhere!
◮ static analysis: analysis of the source code of a program in a static manner, i.e. without executing it
◮ theorem proving: automated proofs of mathematical statements through logical reasoning using deduction rules
◮ model-based testing: generation of a set of testing scenarios, given a model of the system
◮ model checking: certification that a mathematical representation of the system satisfies a model of its specification
Verification and control of quantitative models – Nathalie Bertrand November 16th 2015 – Habilitation Defense – 2/ 30
Does the system satisfy the specification? The system is represented by a model and the specification by a formula ϕ; the model checker decides whether model |= ϕ.
◮ timing constraints: delays, timeouts; real-time systems
◮ probabilities: randomized algorithms; unpredictable behaviours
◮ partial observation: large systems; security concerns
◮ parameters: unknown value; generic systems
model-based testing
❶ timed automata
❷ stochastic timed automata
❸ partially observable probabilistic systems
❹ parameterized probabilistic networks
❶ timed automata
Figure: a non-deterministic timed automaton with locations ℓ0, ℓ1, ℓ2, ℓ3 and clock x (guards 0<x<1 on a and on b, reset x:=0), in which the timed word (a,.5)(b,.5) is read on two paths, and a timed automaton with locations ℓ0, ℓ1, ℓ2 and clocks y, z (transitions 0<y<1,a,z:=0 and 0≤z<y<1,b).

Motivations for determinization: simpler model, easy complementation, offline monitor synthesis.

Hard problem for timed automata:
◮ determinization unfeasible in general
◮ determinizability undecidable

[AD94] Alur and Dill, A theory of timed automata. TCS, 1994.
[Tri06] Tripakis, Folk theorems on the determinization and minimization of timed automata. IPL, 2006.
[Fin06] Finkel, Undecidable problems about timed automata. Formats’06.
[FoSSaCS’11, FMSD’15] w. Jéron, Krichen, Stainer; Amélie Stainer’s PhD thesis
◮ exact determinization or
◮ subsumes exact determinization procedure, Brihaye [ICALP’09]
◮ no complexity overhead
◮ application to offline test generation w. Jéron, Krichen and Stainer [TACAS’11, LMCS’12]

Figure: the determinization game for the automaton of the previous slide. Game states are sets of configurations (location, constraint between the original clock x and the new clock y such as x − y = 0, −1 < x − y < 0 or 0 < x − y < 1, and a boolean marker ⊤/⊥); moves are labelled by a region of y ({0} or (0,1)), an action (a or b) and a reset set ({y} or ∅).
❷ stochastic timed automata
Two complementary views
◮ model: CTMC; property: CSL, CSLTA, or timed automata
◮ stochastic Petri nets, probabilistic timed automata, probabilistic real-time systems

Stochastic timed automata: timed automata with random delays
◮ probabilistic choice between events: extends CTMC
◮ non-deterministic choice between events: extends CTMDP

[BHHK03] Baier et al., Model checking algorithms for continuous-time Markov chains. IEEE TSE, 2003.
[DHS09] Donatelli, Haddad and Sproston, Model checking timed and stochastic properties with CSLTA. IEEE TSE, 2009.
[KNSS02] Kwiatkowska et al., Automatic verification of real-time systems with discrete probability distributions. TCS, 2002.
[ACD91] Alur, Courcoubetis and Dill, Model-checking for probabilistic real-time systems. ICALP’91.
[FSTTCS’07, LICS’08, QEST’08, QEST’13, LMCS’14]

Figure: stochastic timed automaton with locations ℓ0, ℓ1, ℓ2, ℓ3 (invariants x≤1) and edges e1, x≤1, x:=0; e2, x≤1; e3, x≤2, x:=0; e4, x≥2, x:=0; e5, x≤2; e6, x=0; e7, x≤1, x:=0.

Almost-sure satisfaction: P
Pruned region Markov chain abstraction, correct for restricted classes of STA.
Figure: region Markov chain with states (ℓ0,0), (ℓ1,(0,1)), (ℓ1,(1,2)), (ℓ2,0); the edges labelled e1, e2, e3, e4, e5 each carry probability 1/2.

Quantitative analysis: P
Refined Markov chain with memoryless regions, correct for even more restricted classes of STA.
Figure: refined Markov chain with states (ℓ0,0), (ℓ2,0); edges e1: 1/2; e2e4: 1/2·(e^{−1}−e^{−2}); e2e3: 1/2·(1−e^{−1}+e^{−2}); e5e3: 1/2·(1+e^{−2}); e5e4: 1/2·(1−e^{−2}).
[Formats’12, QEST’14]

Figure: stochastic timed automaton with locations ℓ0 (invariant x≤1), ℓ1, ℓ2, ℓ3 and edges e1; e0, x:=0; e2, x<1; e3, x≥1. There is no optimal scheduler maximizing the probability to reach ℓ3.

◮ existence of optimal scheduler for time-bounded reachability: sup_σ P_σ(reach ℓ3 within time 3.2) is attained by a memoryless deterministic scheduler
◮ decidability of limit-sure time-unbounded reachability: whether sup_σ P_σ(reach ℓ3) = 1 is decidable in PTIME

Figure: abstraction used for the scheduler problems, with states (ℓ0, •(0,1)), (ℓ0, (0,1)•), (ℓ1, •(0,1)), (ℓ1, (0,1)•), (ℓ1, (1,∞)), (ℓ0, 0), ℓ2, ℓ3; edges e0, e1, e2, e3 and a limit edge e_limit of probability 1.
◮ timed automata with random delays
◮ refinements of the region abstraction to decide various model checking and control problems (for restricted classes)

Figures: the stochastic timed automata, region Markov chain, refined Markov chain and scheduler abstraction of the previous slides.
◮ an intriguing open question
  ◮ decidability of almost-sure model checking for general STA?
◮ controlling STA for qualitative objectives
  ◮ Büchi condition positively already harder than limit-sure reachability
◮ controlling reactive STA for quantitative objectives
  ◮ approximation scheme based on finite attractor property?
❸ partially observable probabilistic systems
Figure: partially observed probabilistic system with states q0, f1, f2, q1, q2; from q0 the events f (fault) and u each have probability 1/2, followed by observable transitions a,1/2; c,1/2; c; b,1/2; b,1/2; c.
Figure: probabilistic automaton with states 1, 2, 3, W, L and transitions a,1/3 (three of them), a, a, b, c, c, b.

◮ monitoring issues: fault diagnosis
◮ control problems: probability optimization for a given objective
◮ language theory: languages defined by probabilistic automata

[Rab63] Rabin, Probabilistic automata. I&C, 1963.
[Ast65] Åström
[Paz71] Paz, Introduction to probabilistic automata. Academic Press, 1971.
[TT05] Thorsley and Teneketzis, Diagnosability of stochastic discrete-event systems. IEEE TAC, 2005.
[FoSSaCS’08, JACM’12]

Figure: two-state probabilistic automaton with states s, t and transitions a,1/2; a,1/2; b; a.

Probabilistic acceptors for ω-languages: L(A) = {w ∈ Σ^ω | P(w accepted) > 0}
◮ language depends on probability values
◮ closure under complement
◮ undecidability of emptiness
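As an added example (not from the slides or from the cited papers), the Python code below builds a two-state probabilistic Büchi automaton shaped like the figure above, with the probability λ of staying in s on letter a as a parameter (the figure's value is 1/2); the absence of a b-transition from s and the accepting set {s} are assumptions. It computes the probability that a run survives a finite prefix a^{k1} b … a^{kn} b with the forward (distribution-propagation) algorithm, cross-checks it against the closed form ∏(1 − λ^{k_i}), and evaluates both on the word whose block lengths are k_i = ⌊log₂ i⌋ + 1: the surviving mass tends to 0 for λ = 1/2 but stays above 1/2 for λ = 1/4, so membership of that word in L(A) under the positive semantics depends on the probability values.

```python
from fractions import Fraction
from math import prod

# Constructed two-state probabilistic Büchi automaton over {a, b}, modelled on the
# shape of the figure but with assumed details (not the page's automaton):
#   s --a--> s  with probability lam      s --a--> t  with probability 1 - lam
#   s --b-->    no transition: the run dies
#   t --a--> t                            t --b--> s
# Assumed Büchi accepting set F = {s}: a run is accepting iff it visits s infinitely often.
def transitions(lam):
    return {
        ("s", "a"): {"s": lam, "t": 1 - lam},
        ("s", "b"): {},
        ("t", "a"): {"t": 1},
        ("t", "b"): {"s": 1},
    }


def forward(lam, prefix):
    """Distribution over states after reading a finite prefix from s.

    Mass that disappears corresponds to runs that died (no transition)."""
    delta = transitions(lam)
    dist = {"s": 1}
    for letter in prefix:
        nxt = {}
        for state, p in dist.items():
            for succ, q in delta[(state, letter)].items():
                nxt[succ] = nxt.get(succ, 0) + p * q
        dist = nxt
    return dist


def blocks_to_word(block_lengths):
    """a^{k1} b a^{k2} b ... a^{kn} b for the given block lengths k_i."""
    return "".join("a" * k + "b" for k in block_lengths)


def survival(lam, block_lengths):
    """P(a run survives the prefix a^{k1} b ... a^{kn} b), by the forward algorithm.

    For this automaton the surviving runs are exactly those that sit in t at every
    b and so return to s: over an infinite word with infinitely many b's, the limit
    of this quantity is P(w accepted)."""
    return sum(forward(lam, blocks_to_word(block_lengths)).values())


def survival_closed_form(lam, block_lengths):
    """Same quantity in closed form: after a^k the mass lam^k still sits in s and
    is killed by the following b; the rest has moved to t and returns to s."""
    return prod(1 - lam ** k for k in block_lengths)


def forward_equals_closed_form(num, den, block_lengths):
    """Exact cross-check of the two computations with lam = num/den."""
    lam = Fraction(num, den)
    return survival(lam, block_lengths) == survival_closed_form(lam, block_lengths)


def log_blocks(n):
    """Block lengths k_i = floor(log2 i) + 1 (= i.bit_length()) for i = 1..n.

    sum_i lam^{k_i} diverges for lam = 1/2 (terms >= 1/(2i)) and converges for
    lam = 1/4 (terms <= 1/i^2), so the infinite word lies in L(A) for lam = 1/4
    but not for lam = 1/2: the language depends on the probability values."""
    return [i.bit_length() for i in range(1, n + 1)]


if __name__ == "__main__":
    for lam in (0.5, 0.25):
        for n in (100, 1000, 4000):
            print(f"lam={lam} n={n} survival={survival_closed_form(lam, log_blocks(n)):.5f}")
```

The forward algorithm is generic (it works for any finite prefix and any transition table), while the closed form exists only because every surviving run is back in s after each b; the product ∏(1 − λ^{k_i}) is positive exactly when Σ λ^{k_i} converges, which is what makes the accepted language sensitive to λ.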
[FoSSaCS’14, FSTTCS’14] Engel Lefaucheux’s PhD thesis

Figure: the partially observed probabilistic system with states q0, f1, f2, q1, q2 and transitions f,1/2; u,1/2; a,1/2; c,1/2; c; b,1/2; b,1/2; c.

Objective: given an observation, determine whether a fault f occurred.

Probabilistic diagnosis: almost-sure detection of faults
◮ semantical study of relevant diagnosability notions
◮ diagnosability is PSPACE-complete

Active probabilistic diagnosis: control the system so that it is diagnosable
◮ active diagnosability is EXPTIME-complete
◮ undecidable if correct runs must have positive probability
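As an added example (not from the slides or from Lefaucheux's thesis), the Python code below implements the passive side of this objective on a constructed model in the spirit of the figure: f and u are unobservable, f marks the fault, and a, b, c are observable. The diagnoser tracks a belief over (state, fault occurred) pairs weighted by the joint probability of the runs compatible with the observation so far, and returns the posterior probability that a fault occurred together with the verdict fault, correct or ambiguous. The transition probabilities, the alphabet split and the structural assumptions stated in the comments are all mine.

```python
from fractions import Fraction

# Constructed partially observed probabilistic system, in the spirit of the slide's
# figure but with assumed transitions (not the page's model). Events f and u are
# unobservable, f is the fault; a, b, c are observable. Assumptions relied on below:
# every state has either only unobservable or only observable outgoing transitions,
# and there are no unobservable cycles.
UNOBSERVABLE = {"f", "u"}
FAULT = "f"
TRANSITIONS = {
    "q0": [("f", Fraction(1, 2), "f1"), ("u", Fraction(1, 2), "q1")],
    "f1": [("a", Fraction(1), "f2")],
    "f2": [("b", Fraction(1, 2), "f2"), ("c", Fraction(1, 2), "f2")],
    "q1": [("a", Fraction(1, 2), "q2"), ("c", Fraction(1, 2), "q1")],
    "q2": [("c", Fraction(1), "q2")],
}


def _silent(state):
    """True when every outgoing transition of state is unobservable."""
    return all(ev in UNOBSERVABLE for ev, _, _ in TRANSITIONS[state])


def unobservable_closure(belief):
    """Move mass along unobservable transitions until every run waits for an
    observable event; the fault flag is set when f is taken.

    belief maps (state, fault_occurred) to the joint probability of the runs
    compatible with the observation so far."""
    result = {}
    stack = list(belief.items())
    while stack:
        (state, faulty), p = stack.pop()
        if _silent(state):
            for ev, prob, succ in TRANSITIONS[state]:
                stack.append(((succ, faulty or ev == FAULT), p * prob))
        else:
            result[(state, faulty)] = result.get((state, faulty), Fraction(0)) + p
    return result


def observe(belief, event):
    """Belief update for one observed event: keep only runs that can emit it."""
    result = {}
    for (state, faulty), p in belief.items():
        for ev, prob, succ in TRANSITIONS[state]:
            if ev == event:
                key = (succ, faulty)
                result[key] = result.get(key, Fraction(0)) + p * prob
    return unobservable_closure(result)


def belief_after(observation, initial="q0"):
    """Belief after reading the whole observation (a string of observable events)."""
    belief = unobservable_closure({(initial, False): Fraction(1)})
    for event in observation:
        belief = observe(belief, event)
    return belief


def fault_posterior(observation):
    """P(fault occurred | observation), or None if the observation is impossible."""
    belief = belief_after(observation)
    total = sum(belief.values(), Fraction(0))
    if total == 0:
        return None
    faulty_mass = sum((p for (_, faulty), p in belief.items() if faulty), Fraction(0))
    return faulty_mass / total


def verdict(observation):
    """Diagnoser output: 'fault', 'correct', 'ambiguous' or 'impossible'."""
    post = fault_posterior(observation)
    if post is None:
        return "impossible"
    if post == 1:
        return "fault"
    if post == 0:
        return "correct"
    return "ambiguous"


if __name__ == "__main__":
    for obs in ("", "c", "a", "ab", "acc", "a" + "c" * 10, "b"):
        print(f"{obs or '(empty)':>12}  P(fault)={fault_posterior(obs)}  {verdict(obs)}")
```

On this model a first c is only possible on the correct branch and a b only on the faulty one, so those observations give definite verdicts, whereas a followed by any number of c's stays ambiguous while the fault posterior shrinks geometrically (1/513 after ten c's). Runs of this kind are what separates exact almost-sure detection from the approximate diagnosability notions listed among the perspectives later in the talk.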
Probabilistic Büchi automata
◮ language properties, undecidability of emptiness problem

Fault diagnosis for stochastic systems
◮ passive and active diagnosis

Partially observable MDP [FSTTCS’11] w. Genest
◮ cost optimization for almost-sure reachability

Stochastic games with signals [LICS’09] w. Genest and Gimbert
◮ qualitative determinacy for almost-sure reachability, safety or Büchi
◮ resolution and optimal strategy synthesis 2EXPTIME-complete
◮ memory requirements: from none to doubly exponential
Fault diagnosis: towards more quantitative questions
◮ accurate approximate diagnosability
◮ spatial optimization: sensor minimization
◮ temporal optimization: observation times minimization
Figure: system with states q0, f1, q1 and transitions f,1/2; u,1/2; a,1/2; b,1/2; a,2/3; b,1/3.

Partial observation vs no observation
◮ any difference from a decidability point of view?

Alternative semantics for probabilistic automata
◮ continuous distributions approximated by large discrete sets (figure: the two-state automaton s, t with transitions a,1/2; b; a,1/2; a, shown twice)
◮ link with parameterized verification
❹ parameterized probabilistic networks
Figure: broadcast protocol with states q0, q1, qf and transitions ε, ??m, ??m, !!m.

Unknown number of nodes, all running the same code, broadcast communications.
Parameterized verification: does the network satisfy its specification independently of the number of nodes?

Need for probabilities
◮ symmetry breaker in protocols: random backoff time between retransmissions
◮ abstraction of unpredictable behaviour: message losses or node breakdowns

Challenge: parameter + non-determinism + probabilities

[GS92] German and Sistla, Reasoning about systems with many processes. JACM, 1992.
[EFM99] Esparza, Finkel and Mayr, On the verification of broadcast protocols. LICS’99.
[DSZ10] Delzanno, Sangnier and Zavattaro, Parameterized verification of ad hoc networks. CONCUR’00.
[Esp14] Esparza, Keeping a crowd safe: on the complexity of parameterized verification. STACS’14.
Figure: probabilistic broadcast protocol with states q0, qu, qd, qf and transitions ε,1/2; ε,1/2; ε; !!m; ??m.

Unknown number of nodes, identical MDP, broadcast communications.
Scheduler chooses active node, action, set of receivers, reception transitions.
Qualitative parameterized verification: do there exist an initial configuration and a scheduler such that almost-surely a property holds?
Properties: state reachability, synchronization.
[FSTTCS’13, FoSSaCS’14] Paulin Fournier’s PhD thesis

◮ fixed size clique networks: qualitative reachability and synchronization problems mostly undecidable
◮ dynamic clique networks: qualitative reachability and synchronization problems decidable and NPR (non-primitive recursive); finite attractor in probabilistic well-structured transition system
◮ fixed size reconfigurable networks: qualitative reachability problems decidable, from PTIME to co-NP-complete; involved cases reduce to parity condition in game networks

Figure: sample executions of the protocol on four-node networks, shown as sequences of configurations over q0, qu, qd, qf.
◮ networks of many identical probabilistic processes
◮ selective broadcast communications
◮ decidability and complexity of qualitative parameterized reachability and synchronization problems
◮ probabilistic broadcast networks
  ◮ quantitative analysis
  ◮ richer properties, proportions
◮ uniform control of many identical MDP
  ◮ no communication
  ◮ same control policy for every MDP
  Figure: two identical MDPs with actions a, b (transition probabilities a,1/2; a,1/2; a,1/8).
◮ distributed protocols
  ◮ synthesis of correct-by-design protocols
❶ timed automata: game-based determinization
❷ stochastic timed automata: almost-sure model checking & quantitative analysis for subclasses; control issues for reachability objectives
❸ partially observable probabilistic systems: probabilistic Büchi automata; cost optimization in partially observable MDP; determinacy and complexity of stochastic games; passive and active probabilistic fault diagnosis
❹ parameterized probabilistic networks: qualitative reachability and synchronization
More formal verification of more quantitative systems

more theory
◮ partial observation vs no observation
◮ qualitative model checking of general STA

more quantitative analysis
◮ controlling reactive STA for quantitative objectives
◮ quantified diagnosis and tradeoffs
◮ quantitative parameterized verification questions

more applications
◮ systems biology: uniform control of identical MDP
◮ distributed algorithms: synthesis of correct-by-design protocols
◮ security analysis: partial observation & probabilities